HIPAA Confidentiality Agreement
USER HIPAA CONFIDENTIALITY AGREEMENT
By checking on the “Agree” box for the “HIPAA Confidentiality Agreement” during the www.TheFreeDentist.com sign up process, you have read, reviewed, understood, and agreed to the terms below. This will also confirm you e-signature.
I understand that I am responsible for reading and understanding the attached HIPAA document.
www.TheFreeDentist.com HIPAA PRIVACY RULES
As a user of www.thefreedentist.com (“TheFreeDentist.com”), you are required to learn about the health information privacy requirements (“Privacy Rule”) of a federal law called HIPAA (Health Insurance Portability and Accountability Act). The purpose of this document is to summarize relevant thefreedentist.com policies dealing with protecting patient’s health information.
PROTECTED HEALTH INFORMATION
The Privacy Rule defines how thefreedentist.com, staff in health care settings, and thefreedentist.com Users in clinical training programs can access, use, disclose, and maintain confidential patient information called "Protected Health Information" ("PHI"). PHI includes written, spoken, and electronic information. PHI means any information that identifies a patient, including demographic, financial, and medical, that is created by a health care provider or health plan that relates to the past present or future condition, treatment, or payment of the individual. The Privacy Rule very broadly defines “identifiers” to include not only patient name, address, and social security number, but also, for example, fax numbers, email addresses, vehicle identifiers, URLs, photographs, and voices or images on tapes or electronic media. When in doubt, you should assume that any individual health information is protected under HIPAA. The following lists ways in which you are permitted and prohibited from accessing, using, and disclosing PHI while using TheFreedDentist.com.
This Agreement is entered into by and between (“thefreedentist.com”) and thefreedentist.com User to set forth the terms and conditions under which “protected health information” (PHI), as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Regulations enacted hereunder, created or received by (“Business Associate”) on behalf of (“thefreedentist.com”) may be used or disclosed.
This Agreement shall commence on the date by which thefreedentist.com User registers on the website and the obligations herein shall continue in effect so long as thefreedentist.com User uses, discloses, creates or otherwise possesses any protected health information created or received on behalf of (“thefreedentist.com”) and until all protected health information created or received by thefreedentist.com User on behalf of (“thefreedentist.com”) is destroyed or returned to (“thefreedentist.com”) pursuant to Paragraph 15 herein.
1) (“thefreedentist.com”) and thefreedentist.com User hereby agree that thefreedentist.com User shall NOT be permitted to use and/or disclose protected health information created or received on behalf of (“thefreedentist.com”).
2) thefreedentist.com User may NOT use and disclose protected health information created or received by thefreedentist.com User on behalf of (“thefreedentist.com”) if necessary for the proper management and administration of thefreedentist.com User or to carry out. legal responsibilities, provided that any disclosure is:
a) Required by law, or
b) thefreedentist.com User obtains reasonable assurances from the person to whom the protected health information is disclosed that (i) the protected health information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person; and (ii) thefreedentist.com User will be notified of any instances of which the person is aware in which the confidentiality of the information is breached.
3) thefreedentist.com User hereby agrees to maintain the security and privacy of all protected health information in a manner consistent with California State and Federal laws and regulations, including the Health insurance Portability and Accountability Act of 1996 (“HIPAA”) and regulations hereunder, and all other applicable law.
4) thefreedentist.com User further agrees not to use or disclose protected health information except as expressly permitted by this Agreement, applicable law, or for the purpose of managing thefreedentist.com User own internal business processes consistent with Paragraph 2 herein.
5) thefreedentist.com User shall not disclose protected health information to any member of its workforce unless thefreedentist.com User has advised such person (employee) of thefreedentist.com User privacy and security obligations and policies under this Agreement, including the consequences for violation of such obligations. thefreedentist.com User shall take appropriate disciplinary action against any member of its workforce who uses or discloses protected health information in violations of this Agreement and applicable law.
6) thefreedentist.com User shall not disclose protected health information created or received by thefreedentist.com User on behalf of (“thefreedentist.com”) to a person, including any agent or subcontractor of thefreedentist.com User but not including a member of Prime Clinical Systems. Inc.’s own workforce, until such person agrees in writing to be bound by the provisions of the Agreement and applicable California State or Federal law.
7) thefreedentist.com User agrees to use appropriate safeguards to prevent use or disclosure of protected health information not permitted by this Agreement or applicable law.
8) thefreedentist.com User agrees to maintain a record of all disclosures of protected health information, including disclosures not made for the purposes of this Agreement. Such record shall include the date of the disclosure, the name and, if known, the address of the recipient of the protected health information, the name of the individual who is the subject of the protected health information, a brief description of the protected health information disclosed, and the purpose of the disclosure. thefreedentist.com User shall make such record available to an individual who is the subject of such information or (“thefreedentist.com”) within five (5) working days of a request and shall include disclosures made on or after the date which is six (6) years prior to the request or April 14, 2003, whichever date is later.
9) thefreedentist.com User agrees to report to (“thefreedentist.com”) any unauthorized use or disclosure of protected health information by thefreedentist.com User or its workforce or subcontractors and the remedial action taken or proposed to be taken with respect to such use or disclosure.
10) thefreedentist.com User agrees to make its internal practices, books, and records relating to the use and disclosure of protected health information received from (“thefreedentist.com”) or created or received by thefreedentist.com User on behalf of (“thefreedentist.com”), available to the Secretary of the United States Department of Health and Human Services, for purposes of determining the Covered Entity’s compliance with HIPAA.
11) thefreedentist.com User agrees to amend, pursuant to a request by (“thefreedentist.com”), protected health information maintained and created or received by Business Associate, on behalf of the Practitioner. thefreedentist.com User further agrees to complete such amendment within thirty (30) days of a written request by (“thefreedentist.com”), and to make such amendment as directed by (“thefreedentist.com”).
12) In the event thefreedentist.com User fails to perform the obligations under this Agreement, (“thefreedentist.com”) may, at its option:
a) Require thefreedentist.com User to submit to a plan of compliance, including monitoring by (“thefreedentist.com”) and reporting by Business Associate, as (“thefreedentist.com”), in its sole discretion, determines necessary to maintain compliance with this Agreement and applicable law. Such plan shall be incorporated into this Agreement by amendment hereto: and
b) Require thefreedentist.com User to mitigate any loss occasioned by the unauthorized disclosure or use of protected health information.
c) Immediately discontinue providing protected health information to thefreedentist.com User with or without written notice to Business Associate
13) (“thefreedentist.com”) may immediately terminate this Agreement and related agreements if (“thefreedentist.com”) determines that thefreedentist.com User has breached a material term of this Agreement. Alternatively, (“thefreedentist.com”) may choose to (i) provide thefreedentist.com User with ten (10) days written notice of the existence of an alleged material breach; and (ii) afford thefreedentist.com User an opportunity to cure said alleged material breach to the satisfaction of (“thefreedentist.com”) within (10) days. Business Associate’s failure to cure shall be grounds for immediate termination of this agreement. (“thefreedentist.com”)’s remedies under this Agreement are cumulative, and the exercise of any remedy shall not preclude the exercise of any other.
14) Upon termination of this Agreement, thefreedentist.com User shall return or destroy all protected health information received from (“thefreedentist.com”), or created or received by thefreedentist.com User on behalf of (“thefreedentist.com”) and that thefreedentist.com User maintains in any form, and shall retain no copies of such information. If the parties mutually agree that return or destruction of protected health information is not feasible, thefreedentist.com User shall continue to maintain the security and privacy of such protected health information in a manner consistent with the obligations of this Agreement and as required by applicable law, and shall limit further use of the information to those purposes that make the return or destruction of the information infeasible. The duties hereunder to maintain the security and privacy of protected health information shall survive the discontinuance of this Agreement.
15) (“thefreedentist.com”) may amend this Agreement by providing ten (10) days prior written notice to thefreedentist.com User in order to maintain compliance with California State or Federal law. Such amendment shall be binding upon thefreedentist.com User at the end of the ten (10) day period and shall not require the consent of thefreedentist.com User thefreedentist.com User may elect to discontinue the Agreement within the ten (10) day period, but thefreedentist.com User duties hereunder to maintain the security and privacy of PROTECTED HEALTH INFORMATION shall survive such discontinuance. (“thefreedentist.com”) and thefreedentist.com User may otherwise amend this Agreement by mutual written agreement.
16) thefreedentist.com User shall, to the fullest extent permitted by law, protect, defend, indemnify and hold harmless (“thefreedentist.com”) and his/her respective employees, directors, and agents (“Indemnities”) from and against any and all losses, costs, claims, penalties, fines, demands, liabilities, legal actions, judgments, and expenses of every kind (including reasonable attorney’s fees, including at trial and on appeal) asserted or imposed against any Indemnities arising out of the acts or omissions of thefreedentist.com User or any of Business Associate’s employees, directors, or agents related to the performance or nonperformance of this Agreement.
GUIDELINES FOR PROTECTING PHI WHILE USING thefreedentist.com
Below are common sense steps to take to protect PHI when using it, such as:
● If you see a medical record in public view where patients or others can see it, cover the file, turn it over, or find another way to protect it
● When you talk about patients as part of your training, try to prevent others from overhearing the conversation. Whenever possible, hold conversations about patients in private areas.
● When medical records are not in use, store them in offices, shelves or filing cabinets
● Remove patient documents from faxes and copiers as soon as you can.
● Make sure you throw away documents containing PHI in thefreedentist.com confidential bins for shredding.
● Never remove the patient’s official medical record from the training site.
● Log out of electronic systems containing PHI when you are done using them.
● Avoid removing copies of PHI from the training site; if you must remove copies of PHI from the training site, e.g., to complete homework, take appropriate steps to safeguard the PHI outside of the training site and properly dispose of the PHI when you are done with it. You should not leave PHI out where your family members or others may see it. All copies of PHI should be shredded when they are no longer needed for your training purposes.
Because of potential security risks, you are not permitted to e-mail PHI to anyone.
Requests for PHI by Law Enforcement
Requests for PHI by law enforcement officers (e.g. police, sheriff) must be referred to the patient’s primary caregiver (e.g. nurse) to ensure that proper procedures are followed.
FAILURE TO FOLLOW thefreedentist.com POLICIES GOVERNING PHI
Failure to follow polices governing access to, and use and disclosure of PHI will result in being denied access to thefreedentist.com facilities and clinical sites. Failure to follow polices governing access to, and use and disclosure of PHI may also result in civil and criminal penalties under federal law.
Defined terms used in this Agreement are defined in Attachment A. Capitalized terms used but not otherwise defined in Attachment A will have the meanings set forth at 45 CFR Parts 160-164.
2. PERMITTED PURPOSES FOR USE OR DISCLOSURE OF PHI; HIPAA TRAINING.
Subject to the terms and conditions of this Agreement, thefreedentist.com User is permitted to use and/or disclose PHI under this Agreement only as minimally necessary to perform Covered Functions on behalf of thefreedentist.com. thefreedentist.com User understands that he/she must undergo thefreedentist.com’s standard internal HIPAA training as a condition to becoming a pharmacy extern at thefreedentist.com. thefreedentist.com User acknowledges and agrees that his/her obligations to protect all PHI in accordance with such training and this Agreement continues forever, even after thefreedentist.com User completes his/her pharmacy externship and is no longer affiliated with thefreedentist.com.
3. OBLIGATIONS OF thefreedentist.com USER AS A thefreedentist.com USER
a.Limits On Use And Further Disclosure. thefreedentist.com User will not use or disclose any PHI other than as permitted or required by this Agreement, or as Required by Law.
b. Appropriate Safeguards. thefreedentist.com User will use appropriate safeguards and security measures to prevent any use or disclosure of PHI other than as permitted by this Agreement.
c. Reports of Improper Use, Disclosure or Security Incidents. thefreedentist.com User agrees that he/she will immediately report to thefreedentist.com: (i) any use or disclosure of PHI of which he/she becomes aware which is not provided for or permitted by this Agreement, or (ii) any Security Incidents.
d. Mitigation Procedures. To the maximum extent practicable, thefreedentist.com User will mitigate, and cooperate with thefreedentist.com to mitigate, any harmful effect resulting from any use or disclosure of PHI by thefreedentist.com User in violation of this Agreement or the HIPAA Privacy and Security Regulations.
e. Property Rights. As between the parties, all PHI hereunder is and will remain the property of thefreedentist.com. thefreedentist.com User agrees that he/she acquires no right, title or interest in the PHI, including any de-identified information, as a result of his/her relationship with thefreedentist.com.
f. Attachment A. The provisions set forth in Attachment A are required by law to be included in all thefreedentist.com User Agreements and, as such, are incorporated by reference into this Agreement; however, they apply to thefreedentist.com User only to the extent applicable to thefreedentist.com User’s role as a thefreedentist.com User observer or pharmacy extern in a thefreedentist.com pharmacy. Such provisions in no way authorize thefreedentist.com User to remove any PHI from a thefreedentist.com pharmacy or to use or disclose any PHI other than as directly instructed by the thefreedentist.com employee assigned to train thefreedentist.com User.
4. Obligations of COVERED ENTITY.
Provision of Notice of Privacy Practices. thefreedentist.com shall provide thefreedentist.com User with the Notice of Privacy Practices that thefreedentist.com produces in accordance with 45 CFR §164.520, as well as changes to such notice.
5. NON-DISCLOSURE OF CONFIDENTIAL INFORMATION.
thefreedentist.com User shall not use any Confidential Information for any purpose, except as is necessary in connection with the proper conduct of thefreedentist.com User’s pharmacy externship. thefreedentist.com User shall not disclose any Confidential Information to any person or entity other than authorized thefreedentist.com pharmacy employees in connection with their performance of their duties or their assistance in thefreedentist.com User’s training. thefreedentist.com User is personally obligated to maintain the confidentiality of the Confidential Information at all times, no matter in what form thefreedentist.com User receives or becomes aware of such Confidential Information. thefreedentist.com User acknowledges and agrees that his/her obligation to maintain the confidentiality of the Confidential Information shall continue forever, even after thefreedentist.com User completes his/her pharmacy externship and is no longer affiliated with thefreedentist.com.
6. RETURN OR DESTRUCTION OF PHI AND CONFIDENTIAL INFORMATION.
Upon any termination or expiration of this Agreement or the earlier request of thefreedentist.com, thefreedentist.com User immediately will return or destroy all PHI and Confidential Information received from, or created for or on behalf of, thefreedentist.com, including any such information created or received by thefreedentist.com User for or on behalf of thefreedentist.com. Following such return, thefreedentist.com User will not retain any PHI or Confidential Information, whether in tangible or intangible form, or any copies thereof, whether in set forth in documents, extracts, summaries or other formats. If return or destruction of the PHI is not feasible, thefreedentist.com User will extend the protections of this Agreement to limit any further use or disclosure of such PHI and/or Confidential Information until such time as the PHI and/or Confidential Information can be returned or destroyed. If thefreedentist.com User elects to destroy the PHI and/or Confidential Information, he/she shall certify to thefreedentist.com that such information has been destroyed.
7. BREACH OF THIS AGREEMENT.
If thefreedentist.com User in any way fails to comply with this Agreement or fails to protect the PHI and Confidential Information from unauthorized use or disclosure, such non-compliance will constitute a material breach of the Agreement and will be grounds for immediate termination of thefreedentist.com User’s relationship with thefreedentist.com. thefreedentist.com User understands that any such failure may subject thefreedentist.com User to severe penalties, including (i) civil fines, penalties and/or criminal sanctions against thefreedentist.com User and/or thefreedentist.com; (ii) a civil lawsuit and judgment against thefreedentist.com User personally and/or thefreedentist.com; and (iii) notification to appropriate regulators and law enforcement agencies of thefreedentist.com User’s unauthorized disclosure of PHI.
8. TERM; GENERAL.
This Agreement will begin on the Effective Date and continue in effect until terminated by thefreedentist.com by written notice to thefreedentist.com User, provided that no such termination will be effective until thefreedentist.com User has returned to thefreedentist.com or destroyed all Confidential Information, including PHI, in accordance with this Agreement. Notwithstanding the foregoing, all provisions of this Agreement which by their nature are intended to survive termination shall so survive. This Agreement constitutes the entire agreement between the parties with respect to its subject matter. This Agreement may not be amended except in a writing signed by both parties. This Agreement may be executed in counterparts. Facsimile signatures shall be as effective as original signatures.